String Match
Cesar
listas at itm.net.br
Thu Nov 10 08:58:57 PST 2005
Its not a bad ideia since I see a lot of people searching for P2P traffic
control/shaper.
I'm operating an ISP with 3000 broadband users ... And yes. I can call they
untrusted, but this is not the point.
With ipfw I can do per IP traffic shaping, but what about if I can limit a
IP in 256kbps and say that this IP will be able to use only 128Kbps for P2P
traffic.
As I said, I do this nowadays creating rules based on P2P ports, as well as
m0n0wall do. However it is not efficient as iptables is.
I tried a linux based system ( Mikrotik ) to limit P2P and it matched almost
100% of P2P traffic ... And as I know, ipfw can't do this.
And maybe this kind of string match can become useful to other things.
Cesar
----- Original Message -----
From: "Oliver Fromme" <olli at lurza.secnetix.de>
To: <freebsd-ipfw at FreeBSD.ORG>
Sent: Thursday, November 10, 2005 12:55 PM
Subject: Re: String Match
> Cesar <listas at itm.net.br> wrote:
> >
> > Sorry for my bad explanation ...
> >
> > I want to do with ipfw what the IPP2P (http://www.ipp2p.org) do, it use
> > a
> > modification in linux kernel/iptables some kind of "string match" to
> > identify P2P traffic.
>
> Which is basically a bad idea, as I have explained in my
> previous mail.
>
> > Nowadays I use port based rules to limit P2P traffic, which is not a
> > good
> > solution since most of P2P programs are using random ports.
>
> May I ask why do you need to do that? Are you operating
> an internet router for untrusted users?
>
> Best regards
> Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
>
> "I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
> -- David Bradley, original IBM PC design team
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
More information about the freebsd-ipfw
mailing list